Unable to reinstall AntiVir Free Edition

Closed
jorandall62 Posts 596 Registration date Thursday 24 January 2008 Status Member Last activity 6 October 2023 - 3 June 2009 at 03:17
 Anonymous user - 12 June 2009 at 17:17
Hello,
I wanted to remove my antivirus, Avira "AntiVir" Personal Free Edition, with the "Revo Uninstaller" software in order to install another one (AVG Antivirus Free),
but in the end I wanted to go back to AntiVir, and now I can no longer install it!!
Either I get this window:
" CCPLG.XML: unable to find file ( c:/programfiles/avira/antivir personnaledition classic/ccplg.xml "
or this other window:
"A product from Avira GmbH is already installed on your system, do you want to uninstall it in order to install the new one? ............ this requires a restart"
Yet I removed everything related to AntiVir or Avira before redoing the installation, and I also cleaned the registry with CCleaner, but there is no way to install "AntiVir"!!!
Thanks for your help

162 replies

jorandall62 Posts 596 Registration date Thursday 24 January 2008 Status Member Last activity 6 October 2023 56
4 June 2009 at 14:11
ComboFix 09-06-03.04 - jorandall62 2009-06-04 14:00.7 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1183 [GMT 2:00]
Lancé depuis: c:\users\jorandall62\Desktop\ComboFix2.exe
Commutateurs utilisés :: c:\users\jorandall62\Desktop\CFScript.txt
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spy Emergency *disabled* (Updated) {773EE130-7EFF-422a-B0FB-8A71604A2FF9}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-04 au 2009-06-04 ))))))))))))))))))))))))))))))))))))
.

2009-06-04 12:06 . 2009-06-04 12:06 -------- d-----w- c:\users\jorandall62\AppData\Local\temp
2009-06-04 12:06 . 2009-06-04 12:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-06-03 19:49 . 2009-06-03 19:49 -------- d-----w- C:\_OTM
2009-06-03 17:17 . 2009-06-03 17:30 -------- d-s---w- C:\ComboFix
2009-06-03 13:44 . 2009-06-03 14:36 -------- d-----w- C:\UsbFix
2009-06-03 13:10 . 2009-06-03 13:10 -------- d-----w- C:\rsit
2009-06-02 22:46 . 2009-06-02 23:32 -------- d-----w- c:\program files\RegCleaner
2009-05-29 13:55 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-05-29 13:50 . 2009-06-03 00:52 -------- d-----w- c:\program files\eRightSoft
2009-05-28 14:58 . 2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2009-05-28 14:58 . 2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2009-05-26 22:13 . 2009-05-28 10:53 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Software Informer
2009-05-26 22:13 . 2009-05-28 10:48 -------- d-----w- c:\program files\Software Informer
2009-05-26 22:13 . 2009-05-28 10:59 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Free Download Manager
2009-05-26 22:13 . 2009-05-28 10:48 -------- d-----w- c:\program files\Free Download Manager
2009-05-26 18:15 . 2009-05-28 10:48 -------- d-----w- c:\program files\VDOWNLOADER
2009-05-26 14:29 . 2009-05-26 14:37 -------- d-----w- C:\My Videos
2009-05-26 14:24 . 2009-05-26 14:24 -------- d-----w- c:\programdata\Apowersoft
2009-05-22 15:31 . 2009-05-22 15:31 -------- d-----w- c:\program files\Magicbit
2009-05-20 20:28 . 2009-05-20 21:19 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Broad Intelligence
2009-05-20 20:25 . 2009-05-21 18:17 -------- d-----w- c:\users\jorandall62\AppData\Roaming\OpenCandy
2009-05-19 18:43 . 2009-05-19 18:43 -------- d-----w- C:\ConverterOutput
2009-05-19 18:42 . 2009-05-19 18:42 -------- d-----w- c:\program files\Cucusoft
2009-05-17 18:24 . 2009-06-03 00:52 -------- d-----w- c:\program files\Common Files\SNP2UVC
2009-05-17 18:24 . 2007-09-11 14:10 303104 ----a-w- c:\windows\system32\vsnp2uvc.dll
2009-05-17 18:24 . 2007-08-10 16:41 180224 ----a-w- c:\windows\system32\rsnp2uvc.dll
2009-05-17 18:24 . 2007-07-11 16:18 237568 ----a-w- c:\windows\tsnp2uvc.exe
2009-05-17 18:24 . 2007-07-11 13:31 569344 ----a-w- c:\windows\vsnp2uvc.exe
2009-05-17 18:24 . 2007-07-04 15:28 176128 ----a-w- c:\windows\system32\csnp2uvc.dll
2009-05-17 10:28 . 2009-05-17 10:40 -------- d-----w- c:\program files\PurFlirt
2009-05-15 15:32 . 2009-05-15 15:32 -------- d-----w- c:\program files\Fritivi
2009-05-12 17:51 . 2009-05-15 09:25 -------- d-----w- c:\program files\PC
2009-05-07 14:55 . 2009-06-03 00:52 -------- d-----w- c:\program files\WinAVI MP4 Converter
2009-05-07 13:35 . 2009-05-07 13:35 -------- d-----w- c:\users\jorandall62\AppData\Local\Apple Computer
2009-05-07 13:14 . 2009-06-03 00:52 -------- d-----w- c:\programdata\Apple Computer
2009-05-07 13:13 . 2009-05-07 13:13 -------- d-----w- c:\users\jorandall62\AppData\Local\Apple
2009-05-07 13:13 . 2009-06-03 00:52 -------- d-----w- c:\program files\Apple Software Update
2009-05-07 13:13 . 2009-06-03 00:52 -------- d-----w- c:\programdata\Apple
2009-05-07 11:51 . 2009-05-08 06:40 -------- d-----w- c:\program files\Reganam
2009-05-07 08:50 . 2009-05-07 09:34 -------- d-----w- c:\program files\Daniusoft
2009-05-06 16:44 . 2009-05-06 16:44 -------- d-----w- c:\program files\IVT Corporation

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 11:11 . 2008-03-31 20:24 -------- d-----w- c:\users\jorandall62\AppData\Roaming\dvdcss
2009-06-04 09:35 . 2007-12-14 16:32 -------- d-----w- c:\programdata\WholeSecurity
2009-06-04 08:37 . 2009-04-03 18:04 117760 ----a-w- c:\users\jorandall62\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-03 15:19 . 2007-12-15 21:45 -------- d-----w- c:\program files\Trend Micro
2009-06-03 00:59 . 2007-09-16 17:37 -------- d-----w- c:\programdata\Google Updater
2009-06-03 00:54 . 2007-01-02 15:47 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-02 19:26 . 2009-04-02 22:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-02 19:24 . 2007-12-12 22:39 -------- d-----w- c:\programdata\PC Tools
2009-05-29 20:37 . 2006-11-02 15:48 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-29 20:37 . 2006-11-02 15:48 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-28 11:45 . 2008-06-20 22:23 3371383 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 11:20 . 2008-12-31 15:28 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2008-06-20 22:22 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-23 16:35 . 2007-12-14 22:39 -------- d-----w- c:\program files\AVS4YOU
2009-05-19 10:20 . 2009-04-22 10:04 -------- d-----w- c:\programdata\Bluetooth
2009-05-12 14:20 . 2008-03-02 22:12 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Vso
2009-05-10 13:50 . 2009-04-02 01:47 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Azureus
2009-05-09 15:50 . 2008-12-03 22:07 -------- d-----w- c:\users\jorandall62\AppData\Roaming\ArcSoft
2009-05-07 14:54 . 2007-12-22 20:52 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-05-07 11:05 . 2009-04-11 22:44 -------- d-----w- c:\program files\SoftPepper Video Converter 2.0
2009-05-06 16:46 . 2009-04-22 20:57 836 ----a-w- c:\windows\bthservsdp.dat
2009-04-30 09:22 . 2009-04-30 09:22 -------- d-----w- c:\program files\Secret Maryo Chronicles
2009-04-27 16:57 . 2008-09-01 22:15 1 ----a-w- c:\users\jorandall62\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-04-27 16:57 . 2008-09-01 22:13 -------- d-----w- c:\users\jorandall62\AppData\Roaming\OpenOffice.org2
2009-04-22 20:56 . 2009-04-22 20:34 -------- d-----w- c:\program files\Common Files\SmartCom
2009-04-22 20:55 . 2009-04-21 16:04 -------- d-----w- c:\program files\younan.info
2009-04-22 20:55 . 2008-04-22 17:08 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-04-22 20:35 . 2009-04-22 20:35 143 ----a-w- c:\users\jorandall62\AppData\Local\FSCache.dat
2009-04-22 20:33 . 2009-04-22 20:33 -------- d-----w- c:\program files\SmartCom
2009-04-21 15:57 . 2009-04-21 15:55 -------- d-----w- c:\program files\SMStoB
2009-04-21 15:45 . 2009-04-21 15:43 290816 ------w- c:\windows\Setup1.exe
2009-04-21 15:45 . 2009-04-21 15:43 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-04-21 11:34 . 2009-04-21 11:21 -------- d-----w- c:\program files\BarreMagique
2009-04-19 10:40 . 2009-04-19 10:40 5004 ----a-w- c:\users\jorandall62\nodes.dat
2009-04-18 09:33 . 2009-04-17 07:39 181 ----a-w- c:\users\jorandall62\AppData\Roaming\Azureus\restart.bat
2009-04-13 18:38 . 2009-04-13 18:38 -------- d-----w- c:\program files\vghd
2009-04-13 18:38 . 2009-04-13 18:38 152904 ----a-w- c:\windows\system32\vghd.scr
2009-04-13 18:38 . 2009-04-13 18:38 -------- d-----w- c:\users\jorandall62\AppData\Roaming\vghd
2009-04-12 12:31 . 2008-01-03 23:16 -------- d-----w- c:\users\jorandall62\AppData\Roaming\XnView
2009-04-10 22:51 . 2009-04-10 22:51 -------- d-----w- c:\programdata\Soulseek
2009-04-10 21:36 . 2009-04-01 23:28 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Shareaza
2009-04-07 15:55 . 2008-12-27 11:37 86576 ----a-w- c:\users\jorandall62\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-04-07 15:55 . 2008-12-27 11:37 132672 ----a-w- c:\users\jorandall62\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-04-07 15:55 . 2008-12-27 11:37 392728 ----a-w- c:\users\jorandall62\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-04-07 11:29 . 2007-09-20 13:04 680 ----a-w- c:\users\jorandall62\AppData\Local\d3d9caps.dat
2009-04-07 11:07 . 2009-04-07 11:07 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-04-06 14:06 . 2009-04-06 14:06 155648 ----a-w- c:\windows\system32\libssl32.dll
2009-04-06 10:25 . 2008-08-18 14:02 -------- d-----w- c:\programdata\NOS
2009-03-17 03:38 . 2009-04-15 10:34 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 10:34 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-27 21:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 16:42 . 2009-03-08 16:42 684872 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2005-05-18 11:27 . 2008-08-01 13:55 1564 ----a-w- c:\program files\Readme.txt
2008-08-03 20:34 . 2008-08-03 20:34 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-16 07:06 . 2007-09-16 17:38 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-09-16 07:06 . 2007-09-16 17:38 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-09-16 07:06 . 2007-09-16 17:38 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-09-16 07:06 . 2007-09-16 17:38 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-09-16 07:07 . 2007-09-16 17:38 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 10:06 . 2009-05-28 14:58 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-05-29 13:55 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-05-28 14:58 216064 --sha-r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-04_09.19.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-03 15:41 . 2009-05-28 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-03 15:41 . 2009-06-04 10:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-03 15:41 . 2009-06-04 10:15 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-03 15:41 . 2009-05-28 19:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-03 15:41 . 2009-06-04 10:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-03 15:41 . 2009-05-28 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-27 1830128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-07 413696]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2007-07-11 237568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\gprs.exe [2007-12-27 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 0
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0CEABE2-9804-4FD3-9DA5-56CD7BB65874}"= Disabled:UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{56D49FDB-819E-47C1-A527-98BA0606717F}"= Disabled:TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"TCP Query User{3CCE7B96-E0DE-4AF5-A832-6DEA6555977F}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{68B54872-872B-45E7-AFD2-99643E4B5202}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{E966C56B-2CE0-4B56-9659-1DD541843AEE}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{21492215-4B7A-43A9-8657-72A138524CEA}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{99A3AD36-B1EF-410C-B50C-B2DCE7E6679A}"= Disabled:UDP:6346:shareaza
"{EF2A56C3-8835-4F56-A9CA-4F186798B5B6}"= Disabled:TCP:6346:shareaza
"TCP Query User{766C9D47-BD9A-4622-B596-B425DDE6D00C}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{60AD0065-D2A9-4BA4-879D-2213F97F935D}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{F4FE2058-5F71-4FD0-B8EA-0646BF2BE33B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2C4AE294-C12D-4F59-9E3F-5CA527C987B9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{48A787A1-B89B-4044-875A-C6021447B114}"= Disabled:UDP:c:\program files\Omemo\Omemo.exe:Omemo
"{4D0CE41B-53A5-4582-BA24-2C299D1255F3}"= Disabled:TCP:c:\program files\Omemo\Omemo.exe:Omemo
"TCP Query User{AEAD9F9A-0649-48C3-BD08-0EB04AFC9161}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{E6E38BB7-775F-48F3-B3A0-7291A06D8C40}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"6850a7ed-18ea-4859-be34-3f018205ea2b"= UDP:45550:emuletcp2
"85afbcb4-58f1-4d9c-9868-fa960b8691b8"= TCP:45560:emuleudp2
"{01F006D0-AED2-4987-8F0E-C11AA11DB7C2}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{C9AC9B0F-2F9C-45D4-8D22-55424321C18D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{7AEEFB85-936E-45B6-BA2B-4F455A382926}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{C4D61FD9-AF4E-4515-9913-99B4948365AD}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\PPMate\\ppmate.exe"= c:\program files\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\PPMate\\ppamnet.exe"= c:\program files\PPMate\ppamnet.exe:*:Enabled:PPMate

R0 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [2008-07-29 20632]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [2008-07-29 56984]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2007-04-03 1131136]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2008-07-29 230912]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2007-01-03 13976]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [2007-01-09 1136600]
S3 EC168BDA;EC168BDA service;c:\windows\System32\drivers\EC168BDA.sys [2007-09-11 87296]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-06-28 1527900]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-04-09 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-04-06 33176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-09-16 29744]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 VNICPKT5;VNICPKT5 Protocol Driver;c:\windows\System32\VNICPKT5.sys [2008-07-29 15104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Tâches planifiées'

2009-06-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-16 16:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 14:06
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A7AC858C-5DFC-36D6-1766-51AAB3C5BA2A}*]
"bbdknjbpjbcngmlipcndijdnipfcindmejpf"=hex:61,61,00,00
"abdknjbpjbcngmlipcielknkeopfdompbo"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-06-04 14:08
ComboFix-quarantined-files.txt 2009-06-04 12:08
ComboFix2.txt 2009-06-04 09:21
ComboFix3.txt 2009-06-03 17:30

Avant-CF: 7,356,608,512 octets libres
Après-CF: 7,312,072,704 octets libres

291 --- E O F --- 2009-06-03 01:04
0
Anonymous user
4 June 2009 at 14:27
Download Fix.zip

(FYI: the registry part of OTM)

Unzip it to your desktop and double-click Fix.reg

Accept the import into the registry

Delete fix.reg and Fix.zip

and let me know
0
jorandall62 Posts 596 Registration date Thursday 24 January 2008 Status Member Last activity 6 October 2023 56
4 June 2009 at 14:50
When I click on fix.reg I get a window that says:
"Cannot import c:/users/jorandall62/appdata/local/temp/rarSDIDO.266/fix.reg: the specified file is not a registry script. You can only import binary registry files from within the registry editor."
0
Anonymous user
4 June 2009 at 14:56
OK, sorry, I had accidentally swapped 2 letters in the key

Delete it, then repeat the operation

Download, run, etc., as indicated in post 42
0

jorandall62 Posts 596 Registration date Thursday 24 January 2008 Status Member Last activity 6 October 2023 56
4 June 2009 at 15:05
I got this window:
"The keys and values contained in c:/users/jorandall62/appdata/local/temp/rarSDIDO.344/fix.reg
have been successfully added to the registry"
0
Anonymous user
4 June 2009 at 15:14
See if you can delete these:

c:\Program Files\Avira
c:\ProgramData\Avira
c:\Users\All Users\Avira
c:\Users\jorandall62\AppData\Local\VirtualStore\Program Files\Avira
0
jorandall62 Posts 596 Registration date Thursday 24 January 2008 Status Member Last activity 6 October 2023 56
4 June 2009 at 15:27
There, I think it's done! I have deleted everything from Avira
0
Anonymous user
4 June 2009 at 15:54
OK, run OAD again with Avira in it
0
jorandall62 Posts 596 Registration date Thursday 24 January 2008 Status Member Last activity 6 October 2023 56
4 June 2009 at 16:03
2009-06-04 ---- 16:01:45.92

----------------------------------
§§§§§§ [avira] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45AC2688-0253-4ED8-97DE-B5370FA7D48A}\InProcServer32]
@="C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\shlext.dll"

"C:\\Users\\jorandall62\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\66Z4209O\\avira-antivir-personal-free_avira_antivir_personal_free_9.0.0.386_anglais_10821[1].exe"=dword:00000001

[HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\JORAND~1\\AppData\\Local\\Temp\\Rar$EX00.578\\RegCleaner.exe"="Avira Registry Cleaner"

"C:\\Users\\jorandall62\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2WA065F3\\tool_en[1].exe"="Avira Removal Tool"

"C:\\Users\\jorandall62\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2WA065F3\\tool_en[1].exe"="Avira Removal Tool"
"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe"="Antivirus System Tray Tool"

[HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\JORAND~1\\AppData\\Local\\Temp\\Rar$EX00.578\\RegCleaner.exe"="Avira Registry Cleaner"

"C:\\Users\\jorandall62\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2WA065F3\\tool_en[1].exe"="Avira Removal Tool"

"C:\\Users\\jorandall62\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2WA065F3\\tool_en[1].exe"="Avira Removal Tool"
"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe"="Antivirus System Tray Tool"

*******************
[Fichier]
*******************

c:\System Volume Information\SystemRestore\FRStaging\ProgramData\Avira


*********************
[Même date]
*********************

[Répertoire ] --- REP ---> C:\Program Files\Files



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
Anonymous user
4 June 2009 at 16:09
---> Download and install CCleaner (do not install the Yahoo Toolbar):

* Launch it. Go to Options, then Advanced, and uncheck the box "Only delete files" etc....
* Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.
* Next, choose Registry, then Scan for Issues. Once it has finished, fix all the errors, as many times as the scan finds any
* Make sure that in the options the setting is at Windows startup and set to "secure deletion", 35 passes (Gutmann)
__________________________________________________

then run OAD again afterwards
0
jorandall62 Posts 596 Registration date Thursday 24 January 2008 Status Member Last activity 6 October 2023 56
4 June 2009 at 16:28
2009-06-04 ---- 16:26:54.59

----------------------------------
§§§§§§ [avira] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


"C:\\Users\\jorandall62\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\66Z4209O\\avira-antivir-personal-free_avira_antivir_personal_free_9.0.0.386_anglais_10821[1].exe"=dword:00000001

[HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\JORAND~1\\AppData\\Local\\Temp\\Rar$EX00.578\\RegCleaner.exe"="Avira Registry Cleaner"

"C:\\Users\\jorandall62\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2WA065F3\\tool_en[1].exe"="Avira Removal Tool"

"C:\\Users\\jorandall62\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2WA065F3\\tool_en[1].exe"="Avira Removal Tool"
"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe"="Antivirus System Tray Tool"

[HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\JORAND~1\\AppData\\Local\\Temp\\Rar$EX00.578\\RegCleaner.exe"="Avira Registry Cleaner"

"C:\\Users\\jorandall62\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2WA065F3\\tool_en[1].exe"="Avira Removal Tool"

"C:\\Users\\jorandall62\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2WA065F3\\tool_en[1].exe"="Avira Removal Tool"
"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe"="Antivirus System Tray Tool"

*******************
[Fichier]
*******************

c:\System Volume Information\SystemRestore\FRStaging\ProgramData\Avira


*********************
[Même date]
*********************

[Répertoire ] --- REP ---> C:\Program Files\Files



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
Anonymous user
4 June 2009 at 16:36
Did you use CCleaner?
0
Yes, absolutely
and I have just restarted the computer
0
Anonymous user
4 June 2009 at 17:14
ok

Do the same with this other key + this small executable, then:

Disable your antivirus for the duration of the procedure, because it is wrongly detected as an infection, then:

Download SYS_List

and save it to your desktop and nowhere else

Run it (as administrator on Vista)

and post the report located at the root of the system drive

Then delete sys_list
0
jorandall62 Posts 596 Registration date Thursday 24 January 2008 Status Member Last activity 6 October 2023 56
4 June 2009 at 17:27
Microsoft Windows [version 6.0.6001]

2009-06-04



Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 9056-F00B

Répertoire de C:\Windows\System32\drivers

2006-11-02 10:55 53,376 1394bus.sys
2007-01-08 19:43 1,136,600 3xHybrid.sys
2008-01-19 09:43 266,808 acpi.sys
2004-09-16 13:26 12,634 ADFUUD.SYS
2006-11-02 11:51 420,968 adp94xx.sys
2006-11-02 11:51 297,576 adpahci.sys
2006-11-02 11:50 98,408 adpu160m.sys
2006-11-02 11:51 147,048 adpu320.sys
2006-11-10 16:05 18,688 afc.sys
2008-01-19 07:57 273,920 afd.sys
2006-11-02 11:49 53,864 AGP440.sys
2006-11-02 11:49 14,952 aliide.sys
2006-11-02 11:49 54,888 AMDAGP.SYS
2006-11-02 11:49 15,464 amdide.sys
2006-11-02 10:30 38,912 amdk7.sys
2006-11-02 10:30 40,960 amdk8.sys
2006-11-02 11:50 67,688 arc.sys
2006-11-02 11:50 67,688 arcsas.sys
2008-01-19 07:56 17,408 asyncmac.sys
2008-01-19 09:41 21,560 atapi.sys
2008-01-19 09:43 110,136 ataport.sys
2006-11-02 09:36 2,028,032 atikmdag.sys
2009-02-13 11:31 55,640 avgntflt.sys
2008-10-30 10:21 75,072 avipbb.sys
2006-11-02 11:49 25,192 battc.sys
2004-09-21 18:18 148,830 bcbthub.sys
2008-01-19 07:53 12,288 bdasup.sys
2008-01-19 07:49 6,144 beep.sys
2007-06-24 21:56 34,312 blueletaudio.sys
2007-06-24 21:56 27,656 BlueletSCOAudio.sys
2008-01-19 07:28 69,632 bowser.sys
2006-11-02 10:24 13,568 BrFiltLo.sys
2006-11-02 10:24 5,248 BrFiltUp.sys
2008-01-19 08:58 93,696 bridge.sys
2006-11-02 10:25 71,808 BrSerId.sys
2006-11-02 10:24 62,336 BrSerWdm.sys
2006-11-02 10:24 12,160 BrUsbMdm.sys
2006-11-02 10:24 11,904 BrUsbSer.sys
2007-06-24 21:56 38,920 btcusb.sys
2008-01-19 07:53 19,456 bthenum.sys
2007-03-05 20:56 35,600 BtHidMgr.sys
2008-01-19 07:53 39,936 bthmodem.sys
2008-01-19 07:53 92,160 bthpan.sys
2008-04-29 03:42 220,160 bthport.sys
2008-04-29 03:42 29,184 BTHUSB.SYS
2007-03-05 20:59 18,320 btnetdrv.sys
2006-11-22 13:41 22,416 BTNetFilter.sys
2008-01-19 07:28 70,144 cdfs.sys
2006-10-05 04:42 2,432 cdr4_xp.sys
2006-10-05 04:42 2,560 cdralw2k.sys
2008-01-19 07:49 67,072 cdrom.sys
2006-11-02 10:55 35,328 circlass.sys
2008-01-19 09:43 127,544 Classpnp.sys
2006-11-02 11:49 16,488 cmdide.sys
2006-11-02 11:49 18,280 compbatt.sys
2008-01-19 09:41 36,408 crashdmp.sys
2006-11-02 11:49 22,632 crcdisk.sys
2006-11-02 10:30 38,912 crusoe.sys
2008-01-19 07:28 75,264 dfsc.sys
2008-01-19 09:42 55,352 disk.sys
2008-01-19 07:49 19,968 Diskdump.sys
2006-11-02 11:50 71,272 djsvs.sys
2008-01-19 08:53 130,048 drmk.sys
2008-01-19 07:53 5,632 drmkaud.sys
2008-01-19 09:41 29,240 Dumpata.sys
2008-01-19 07:36 13,312 dxapi.sys
2008-01-19 07:36 76,288 dxg.sys
2008-08-02 03:01 625,152 dxgkrnl.sys
2006-11-02 09:30 163,328 e100b325.sys
2006-11-02 09:30 117,760 E1G60I32.sys
2007-09-11 15:20 87,296 EC168BDA.sys
2008-01-19 09:42 143,416 ecache.sys
2006-11-02 11:51 316,520 elxstor.sys
2008-01-19 07:28 136,192 exfat.sys
2008-01-19 07:28 143,360 fastfat.sys
2006-11-02 10:51 25,088 fdc.sys
2006-11-02 09:30 45,568 fetnd5.sys
2007-07-05 14:33 42,496 fetnd5bv.sys
2008-01-19 09:42 58,936 fileinfo.sys
2008-01-19 07:30 27,648 filetrace.sys
2006-11-02 10:51 20,480 flpydisk.sys
2008-01-19 09:42 192,056 fltMgr.sys
2009-02-06 18:08 55,280 fssfltr.sys
2008-01-19 07:27 12,800 fs_rec.sys
2004-09-21 18:18 116,021 fw203x.sys
2008-01-19 09:43 101,432 FWPKCLNT.SYS
2006-11-02 11:50 58,984 GAGP30KX.SYS
2006-09-19 15:44 15,664 GEARAspiWDM.sys
2008-01-19 06:30 53,760 hdaudbus.sys
2006-11-02 09:36 235,520 HdAudio.sys
2006-11-02 10:55 29,184 hidbth.sys
2008-01-19 07:53 38,912 hidclass.sys
2006-11-02 10:55 21,504 hidir.sys
2008-01-19 07:53 25,472 hidparse.sys
2008-01-19 07:53 12,288 hidusb.sys
2006-11-02 11:50 37,480 HpCISSs.sys
2008-01-19 07:55 401,408 http.sys
2006-11-02 11:49 16,488 i2omgmt.sys
2006-11-02 11:49 27,752 i2omp.sys
2008-01-19 07:49 54,784 i8042prt.sys
2006-11-02 11:51 232,040 iaStorV.sys
2006-11-02 11:50 41,576 iirsp.sys
2006-11-02 11:49 14,952 intelide.sys
2008-01-19 07:27 41,472 intelppm.sys
2008-01-19 07:56 47,616 ipfltdrv.sys
2006-11-02 10:42 65,536 IPMIDrv.sys
2008-01-19 07:56 100,864 ipnat.sys
2008-01-19 07:55 95,744 irda.sys
2008-01-19 07:55 13,312 irenum.sys
2006-11-02 11:50 47,208 isapnp.sys
2006-11-02 11:50 35,944 iteatapi.sys
2006-11-02 11:50 35,944 iteraid.sys
2008-01-19 09:41 35,384 kbdclass.sys
2008-01-19 07:49 15,872 kbdhid.sys
2008-01-19 07:49 148,992 ks.sys
2008-01-19 09:43 441,400 ksecdd.sys
2008-01-19 07:55 47,104 lltdio.sys
2006-11-02 11:50 65,640 lsi_fc.sys
2006-11-02 11:50 65,640 lsi_sas.sys
2006-11-02 11:50 65,640 lsi_scsi.sys
2008-01-19 07:30 84,480 luafv.sys
2009-05-26 13:19 19,096 mbam.sys
2009-05-26 13:20 40,160 mbamswissarmy.sys
2008-01-19 07:49 18,944 mcd.sys
2006-11-02 11:49 28,776 megasas.sys
2008-01-22 13:50 45,768 MiniIcpt.sys
2008-01-19 07:57 31,744 modem.sys
2008-01-19 07:52 41,984 monitor.sys
2008-01-19 09:41 34,360 mouclass.sys
2008-01-19 07:49 15,872 mouhid.sys
2008-01-19 09:42 57,400 mountmgr.sys
2006-11-02 11:50 78,952 mpio.sys
2008-01-19 07:54 64,000 mpsdrv.sys
2006-11-02 11:49 33,384 Mraid35x.sys
2008-01-19 07:28 110,080 mrxdav.sys
2008-01-19 07:28 105,472 mrxsmb.sys
2008-08-27 03:05 212,480 mrxsmb10.sys
2008-01-19 07:28 78,848 mrxsmb20.sys
2006-11-02 11:49 23,144 msahci.sys
2006-11-02 11:50 80,488 msdsm.sys
2008-01-19 07:28 22,528 msfs.sys
2008-01-19 09:41 16,440 msisadrv.sys
2008-01-19 09:42 181,304 msiscsi.sys
2008-01-19 07:49 8,192 mskssrv.sys
2008-01-19 07:49 5,888 mspclock.sys
2008-01-19 07:49 5,504 mspqm.sys
2008-01-19 09:42 163,384 msrpc.sys
2008-01-19 09:41 31,288 mssmbios.sys
2008-01-19 07:49 6,016 mstee.sys
2008-01-19 09:42 49,720 mup.sys
2008-01-19 09:43 529,464 ndis.sys
2008-01-19 07:56 20,992 ndistapi.sys
2008-01-19 07:55 16,896 ndisuio.sys
2008-01-19 07:56 121,344 ndiswan.sys
2008-01-19 07:56 49,664 ndproxy.sys
2008-01-19 07:55 35,840 netbios.sys
2008-01-19 07:55 184,320 netbt.sys
2008-01-19 09:42 223,288 netio.sys
2006-11-02 11:50 45,160 nfrd960.sys
2008-01-19 07:28 34,816 npfs.sys
2008-01-19 07:55 16,384 nsiproxy.sys
2008-01-19 09:43 1,081,912 ntfs.sys
2006-11-02 09:36 20,608 ntrigdigi.sys
2008-01-19 07:49 4,608 null.sys
2007-11-06 21:00 8,230,496 nvlddmkm.sys
2006-11-02 11:50 88,680 nvraid.sys
2006-11-02 11:50 40,040 nvstor.sys
2007-02-26 22:28 55,808 nvtcam.sys
2007-02-26 22:28 24,192 NVTCAMD2.SYS
2006-11-02 11:50 106,600 NV_AGP.SYS
2008-05-20 04:07 148,480 nwifi.sys
2006-11-02 10:55 62,080 ohci1394.sys
2003-04-29 01:31 51,169 OXSER.SYS
2008-04-05 03:21 72,192 pacer.sys
2008-01-19 07:49 79,360 parport.sys
2008-01-19 09:42 56,376 partmgr.sys
2008-01-19 07:49 8,704 parvdm.sys
2008-01-19 09:42 151,096 pci.sys
2006-11-02 11:49 13,416 pciide.sys
2008-01-19 09:42 45,112 pciidex.sys
2006-11-02 11:51 167,528 pcmcia.sys
2008-07-07 17:00 47,360 pcouffin.sys
2006-11-02 11:04 878,080 PEAuth.sys
2007-04-03 10:43 1,131,136 Ph3xIB32.sys
2008-01-22 13:50 38,608 PktIcpt.sys
2008-01-19 07:53 167,936 portcls.sys
2006-11-02 10:30 38,400 processr.sys
2008-08-01 00:17 43,872 pxhelp20.sys
2006-11-02 11:51 900,712 ql2300.sys
2006-11-02 11:50 106,088 ql40xx.sys
2008-01-19 07:56 31,232 qwavedrv.sys
2008-01-19 07:56 11,776 rasacd.sys
2008-01-19 07:56 76,288 rasl2tp.sys
2008-01-19 07:56 41,472 raspppoe.sys
2008-01-19 07:56 62,976 raspptp.sys
2008-01-19 07:56 69,120 rassstp.sys
2008-01-19 07:28 224,768 rdbss.sys
2008-01-19 08:01 6,144 RDPCDD.sys
2006-11-02 11:03 242,688 rdpdr.sys
2008-01-19 08:01 6,144 RDPENCDD.sys
2008-01-19 08:01 181,248 rdpwd.sys
2008-01-19 07:53 49,664 rfcomm.sys
2008-05-10 03:33 113,664 rmcast.sys
2008-01-19 07:56 33,280 RNDISMP.sys
2008-01-19 07:57 8,192 rootmdm.sys
2008-01-19 07:55 60,416 rspndr.sys
2006-11-02 11:50 76,392 sbp2port.sys
2008-01-19 09:42 142,904 scsiport.sys
2008-01-19 07:49 17,920 serenum.sys
2008-01-19 07:49 83,456 serial.sys
2008-01-19 07:49 19,968 sermouse.sys
2006-11-02 10:51 13,312 sffdisk.sys
2006-11-02 10:51 12,800 sffp_mmc.sys
2006-11-02 10:51 12,800 sffp_sd.sys
2006-11-02 10:51 13,312 sfloppy.sys
2004-02-11 13:29 48,076 Sio9502k.sys
2006-11-02 11:49 53,352 SISAGP.SYS
2006-11-02 11:50 38,504 sisraid2.sys
2006-11-02 11:50 71,784 sisraid4.sys
2004-03-23 10:26 48,556 SktBt2k.sys
2008-01-19 07:55 66,560 smb.sys
2008-01-19 07:49 17,408 smclib.sys
2007-05-09 15:16 28,160 sncduvc.sys
2007-09-05 14:50 9,631,744 snp2uvc.sys
2008-01-19 09:41 21,048 spldr.sys
2008-01-19 06:10 681,984 spsys.sys
2008-12-16 04:42 288,768 srv.sys
2008-01-19 07:29 144,384 srv2.sys
2008-01-19 07:29 98,304 srvnet.sys
2007-11-08 18:03 21,248 ssmdrv.sys
2008-01-19 09:43 123,960 Storport.sys
2008-01-19 07:53 52,992 stream.sys
2008-01-19 09:41 15,288 swenum.sys
2006-11-02 11:50 35,944 symc8xx.sys
2006-11-02 11:49 31,848 sym_hi.sys
2006-11-02 11:50 34,920 sym_u3.sys
2008-01-19 07:49 24,576 tape.sys
2008-04-26 10:26 891,448 tcpip.sys
2008-01-19 07:56 30,208 tcpipreg.sys
2008-01-19 07:57 20,992 tdi.sys
2008-01-19 08:01 17,920 tdpipe.sys
2008-01-19 08:01 29,184 tdtcp.sys
2008-01-19 07:55 71,680 tdx.sys
2008-01-19 09:42 54,328 termdd.sys
2008-01-19 08:01 23,552 tssecsrv.sys
2008-01-19 07:55 15,360 TUNMP.SYS
2008-01-19 07:55 23,040 tunnel.sys
2008-01-19 09:42 59,448 UAGP35.SYS
2008-01-19 07:28 226,816 udfs.sys
2006-11-02 11:50 58,472 ULIAGPKX.SYS
2006-11-02 11:51 235,112 uliahci.sys
2006-11-02 11:50 98,408 ulsata.sys
2006-11-02 11:50 115,816 ulsata2.sys
2008-01-19 07:53 34,816 umbus.sys
2008-01-19 07:53 7,680 umpass.sys
2008-01-19 07:56 15,872 usb8023.sys
2008-01-19 07:53 73,088 USBAUDIO.sys
2008-01-19 07:53 25,728 USBCAMD.sys
2008-01-19 07:53 25,728 USBCAMD2.sys
2008-01-19 07:53 73,216 usbccgp.sys
2006-11-02 10:55 68,608 usbcir.sys
2008-01-19 07:53 5,888 usbd.sys
2008-01-19 07:53 39,424 usbehci.sys
2008-01-19 07:53 194,560 usbhub.sys
2006-11-02 10:55 19,456 usbohci.sys
2008-01-19 07:53 226,304 usbport.sys
2008-01-19 08:14 18,944 usbprint.sys
2008-01-19 08:14 35,328 usbscan.sys
2008-01-19 07:53 55,296 USBSTOR.SYS
2008-01-19 07:53 23,552 usbuhci.sys
2008-01-19 07:53 134,016 usbvideo.sys
2007-03-05 20:55 20,880 VBTEnum.sys
2007-03-05 20:52 34,448 VComm.sys
2007-03-05 20:53 44,304 VCommMgr.sys
2008-01-19 07:52 25,088 vga.sys
2006-11-02 10:53 26,112 vgapnp.sys
2007-03-05 20:57 19,472 VHIDMini.sys
2006-11-02 11:49 54,376 VIAAGP.SYS
2006-11-02 10:30 39,424 viac7.sys
2007-10-16 11:00 230,912 viahduaa.sys
2008-01-19 09:41 20,024 viaide.sys
2008-06-05 10:42 20,632 ViBus.sys
2008-01-19 07:52 110,080 videoprt.sys
2008-06-05 10:44 56,984 ViPrt.sys
2008-01-19 09:42 52,792 volmgr.sys
2008-01-19 09:43 294,456 volmgrx.sys
2008-01-19 09:42 227,896 volsnap.sys
2009-02-19 00:11 293,528 vsdatant.sys
2006-11-02 11:50 112,232 vsmraid.sys
2006-11-02 10:52 20,608 wacompen.sys
2008-01-19 07:56 62,464 wanarp.sys
2008-01-19 07:35 32,768 watchdog.sys
2006-11-02 11:49 19,560 wd.sys
2008-01-19 09:43 503,864 Wdf01000.sys
2008-01-19 09:41 35,896 WdfLdr.sys
2006-11-02 10:35 11,264 wmiacpi.sys
2008-01-19 09:41 17,976 wmilib.sys
2008-01-19 07:56 15,872 ws2ifsl.sys
2003-07-04 02:58 63,488 wssbtr1f.sys
2008-01-19 07:52 51,200 WUDFPf.sys
2008-01-19 07:53 83,328 WUDFRd.sys
2006-11-17 11:31 13,976 x10hid.sys
2006-11-30 16:18 27,416 x10ufx2.sys
303 fichier(s) 48,249,766 octets
0 Rép(s) 7,809,478,656 octets libres
0
Anonymous user
4 June 2009 at 17:50
Delete these:

C:\Windows\System32\Drivers\avgntflt.sys
C:\Windows\System32\Drivers\avipbb.sys

then run RSIT again
0
jorandall62 Posts 596 Registration date Thursday 24 January 2008 Status Member Last activity 6 October 2023 56
4 June 2009 at 18:06
I did not get the "info.txt" report

Logfile of random's system information tool 1.06 (written by random/random)
Run by jorandall62 at 2009-06-04 18:03:44
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 12 GB (5%) free of 218 GB
Total RAM: 2046 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04, on 2009-06-04
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\tsnp2uvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\jorandall62\Desktop\RSIT.exe
C:\Program Files\trend micro\jorandall62.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Anonymous user
4 June 2009 at 18:52

__________________________________________________________
=>/!\ WARNING /!\ The script that follows was written specifically for this computer,<=
=>it is strongly discouraged to reuse it on another computer!<=====|
---------------------------------------------------------------


Still with all protections disabled, do the following:

• Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
• Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
Driver::
avgio
NSDriver
AWRTPD
Ad-Watch Connect Filter
Ad-Watch Real-Time Scanner
Ad-Watch Registry Filter
bdfdll
BDFsDrv
BDRsDrv
BDSelfPr
Profos
Trufos
------------------------------------------------------------------

• Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
• Close Notepad

• Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix), like this

• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it can be found here => C:\ComboFix.txt


0
jorandall62 Posts 596 Registration date Thursday 24 January 2008 Status Member Last activity 6 October 2023 56
4 June 2009 at 19:46
ComboFix 09-06-03.04 - jorandall62 2009-06-04 19:27.8 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1052 [GMT 2:00]
Lancé depuis: c:\users\jorandall62\Desktop\ComboFix2.exe
Commutateurs utilisés :: c:\users\jorandall62\Desktop\CFScript.txt
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spy Emergency *disabled* (Updated) {773EE130-7EFF-422a-B0FB-8A71604A2FF9}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\JORAND~1\AppData\Local\Temp\ppcrlui_5156_2
c:\users\jorandall62\AppData\Local\temp\ppcrlui_5156_2

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AD-WATCH_CONNECT_FILTER
-------\Legacy_AD-WATCH_REAL-TIME_SCANNER
-------\Legacy_AD-WATCH_REGISTRY_FILTER
-------\Legacy_AVGIO
-------\Legacy_BDSELFPR
-------\Legacy_PROFOS
-------\Legacy_TRUFOS
-------\Service_Ad-Watch Connect Filter
-------\Service_Ad-Watch Real-Time Scanner
-------\Service_Ad-Watch Registry Filter
-------\Service_avgio
-------\Service_bdfdll
-------\Service_BDFsDrv
-------\Service_BDRsDrv
-------\Service_BDSelfPr
-------\Service_Profos
-------\Service_Trufos


((((((((((((((((((((((((((((( Fichiers créés du 2009-05-04 au 2009-06-04 ))))))))))))))))))))))))))))))))))))
.

2009-06-04 17:30 . 2009-06-04 17:33 -------- d-----w- c:\users\jorandall62\AppData\Local\temp
2009-06-04 17:30 . 2009-06-04 17:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-06-03 19:49 . 2009-06-03 19:49 -------- d-----w- C:\_OTM
2009-06-03 17:17 . 2009-06-03 17:30 -------- d-s---w- C:\ComboFix
2009-06-03 13:44 . 2009-06-03 14:36 -------- d-----w- C:\UsbFix
2009-06-03 13:10 . 2009-06-03 13:10 -------- d-----w- C:\rsit
2009-06-02 22:46 . 2009-06-02 23:32 -------- d-----w- c:\program files\RegCleaner
2009-05-29 13:55 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-05-29 13:50 . 2009-06-03 00:52 -------- d-----w- c:\program files\eRightSoft
2009-05-28 14:58 . 2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2009-05-28 14:58 . 2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2009-05-26 22:13 . 2009-05-28 10:53 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Software Informer
2009-05-26 22:13 . 2009-05-28 10:48 -------- d-----w- c:\program files\Software Informer
2009-05-26 22:13 . 2009-05-28 10:59 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Free Download Manager
2009-05-26 22:13 . 2009-05-28 10:48 -------- d-----w- c:\program files\Free Download Manager
2009-05-26 18:15 . 2009-05-28 10:48 -------- d-----w- c:\program files\VDOWNLOADER
2009-05-26 14:29 . 2009-05-26 14:37 -------- d-----w- C:\My Videos
2009-05-26 14:24 . 2009-05-26 14:24 -------- d-----w- c:\programdata\Apowersoft
2009-05-22 15:31 . 2009-05-22 15:31 -------- d-----w- c:\program files\Magicbit
2009-05-20 20:28 . 2009-05-20 21:19 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Broad Intelligence
2009-05-20 20:25 . 2009-05-21 18:17 -------- d-----w- c:\users\jorandall62\AppData\Roaming\OpenCandy
2009-05-19 18:43 . 2009-05-19 18:43 -------- d-----w- C:\ConverterOutput
2009-05-19 18:42 . 2009-05-19 18:42 -------- d-----w- c:\program files\Cucusoft
2009-05-17 18:24 . 2009-06-03 00:52 -------- d-----w- c:\program files\Common Files\SNP2UVC
2009-05-17 18:24 . 2007-09-11 14:10 303104 ----a-w- c:\windows\system32\vsnp2uvc.dll
2009-05-17 18:24 . 2007-08-10 16:41 180224 ----a-w- c:\windows\system32\rsnp2uvc.dll
2009-05-17 18:24 . 2007-07-11 16:18 237568 ----a-w- c:\windows\tsnp2uvc.exe
2009-05-17 18:24 . 2007-07-11 13:31 569344 ----a-w- c:\windows\vsnp2uvc.exe
2009-05-17 18:24 . 2007-07-04 15:28 176128 ----a-w- c:\windows\system32\csnp2uvc.dll
2009-05-17 10:28 . 2009-05-17 10:40 -------- d-----w- c:\program files\PurFlirt
2009-05-15 15:32 . 2009-05-15 15:32 -------- d-----w- c:\program files\Fritivi
2009-05-12 17:51 . 2009-05-15 09:25 -------- d-----w- c:\program files\PC
2009-05-07 14:55 . 2009-06-03 00:52 -------- d-----w- c:\program files\WinAVI MP4 Converter
2009-05-07 13:35 . 2009-05-07 13:35 -------- d-----w- c:\users\jorandall62\AppData\Local\Apple Computer
2009-05-07 13:14 . 2009-06-03 00:52 -------- d-----w- c:\programdata\Apple Computer
2009-05-07 13:13 . 2009-05-07 13:13 -------- d-----w- c:\users\jorandall62\AppData\Local\Apple
2009-05-07 13:13 . 2009-06-03 00:52 -------- d-----w- c:\program files\Apple Software Update
2009-05-07 13:13 . 2009-06-03 00:52 -------- d-----w- c:\programdata\Apple
2009-05-07 11:51 . 2009-05-08 06:40 -------- d-----w- c:\program files\Reganam
2009-05-07 08:50 . 2009-05-07 09:34 -------- d-----w- c:\program files\Daniusoft
2009-05-06 16:44 . 2009-05-06 16:44 -------- d-----w- c:\program files\IVT Corporation

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 17:34 . 2009-04-03 18:04 117760 ----a-w- c:\users\jorandall62\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-04 16:12 . 2007-12-15 21:45 -------- d-----w- c:\program files\Trend Micro
2009-06-04 11:11 . 2008-03-31 20:24 -------- d-----w- c:\users\jorandall62\AppData\Roaming\dvdcss
2009-06-04 09:35 . 2007-12-14 16:32 -------- d-----w- c:\programdata\WholeSecurity
2009-06-03 00:59 . 2007-09-16 17:37 -------- d-----w- c:\programdata\Google Updater
2009-06-03 00:54 . 2007-01-02 15:47 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-02 19:26 . 2009-04-02 22:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-02 19:24 . 2007-12-12 22:39 -------- d-----w- c:\programdata\PC Tools
2009-05-29 20:37 . 2006-11-02 15:48 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-29 20:37 . 2006-11-02 15:48 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-28 11:45 . 2008-06-20 22:23 3371383 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 11:20 . 2008-12-31 15:28 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2008-06-20 22:22 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-23 16:35 . 2007-12-14 22:39 -------- d-----w- c:\program files\AVS4YOU
2009-05-19 10:20 . 2009-04-22 10:04 -------- d-----w- c:\programdata\Bluetooth
2009-05-12 14:20 . 2008-03-02 22:12 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Vso
2009-05-10 13:50 . 2009-04-02 01:47 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Azureus
2009-05-09 15:50 . 2008-12-03 22:07 -------- d-----w- c:\users\jorandall62\AppData\Roaming\ArcSoft
2009-05-07 14:54 . 2007-12-22 20:52 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-05-07 11:05 . 2009-04-11 22:44 -------- d-----w- c:\program files\SoftPepper Video Converter 2.0
2009-05-06 16:46 . 2009-04-22 20:57 836 ----a-w- c:\windows\bthservsdp.dat
2009-04-30 09:22 . 2009-04-30 09:22 -------- d-----w- c:\program files\Secret Maryo Chronicles
2009-04-27 16:57 . 2008-09-01 22:15 1 ----a-w- c:\users\jorandall62\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-04-27 16:57 . 2008-09-01 22:13 -------- d-----w- c:\users\jorandall62\AppData\Roaming\OpenOffice.org2
2009-04-22 20:56 . 2009-04-22 20:34 -------- d-----w- c:\program files\Common Files\SmartCom
2009-04-22 20:55 . 2009-04-21 16:04 -------- d-----w- c:\program files\younan.info
2009-04-22 20:55 . 2008-04-22 17:08 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-04-22 20:35 . 2009-04-22 20:35 143 ----a-w- c:\users\jorandall62\AppData\Local\FSCache.dat
2009-04-22 20:33 . 2009-04-22 20:33 -------- d-----w- c:\program files\SmartCom
2009-04-21 15:57 . 2009-04-21 15:55 -------- d-----w- c:\program files\SMStoB
2009-04-21 15:45 . 2009-04-21 15:43 290816 ------w- c:\windows\Setup1.exe
2009-04-21 15:45 . 2009-04-21 15:43 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-04-21 11:34 . 2009-04-21 11:21 -------- d-----w- c:\program files\BarreMagique
2009-04-19 10:40 . 2009-04-19 10:40 5004 ----a-w- c:\users\jorandall62\nodes.dat
2009-04-18 09:33 . 2009-04-17 07:39 181 ----a-w- c:\users\jorandall62\AppData\Roaming\Azureus\restart.bat
2009-04-13 18:38 . 2009-04-13 18:38 -------- d-----w- c:\program files\vghd
2009-04-13 18:38 . 2009-04-13 18:38 152904 ----a-w- c:\windows\system32\vghd.scr
2009-04-13 18:38 . 2009-04-13 18:38 -------- d-----w- c:\users\jorandall62\AppData\Roaming\vghd
2009-04-12 12:31 . 2008-01-03 23:16 -------- d-----w- c:\users\jorandall62\AppData\Roaming\XnView
2009-04-10 22:51 . 2009-04-10 22:51 -------- d-----w- c:\programdata\Soulseek
2009-04-10 21:36 . 2009-04-01 23:28 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Shareaza
2009-04-07 15:55 . 2008-12-27 11:37 86576 ----a-w- c:\users\jorandall62\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-04-07 15:55 . 2008-12-27 11:37 132672 ----a-w- c:\users\jorandall62\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-04-07 15:55 . 2008-12-27 11:37 392728 ----a-w- c:\users\jorandall62\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-04-07 11:29 . 2007-09-20 13:04 680 ----a-w- c:\users\jorandall62\AppData\Local\d3d9caps.dat
2009-04-07 11:07 . 2009-04-07 11:07 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-04-06 14:06 . 2009-04-06 14:06 155648 ----a-w- c:\windows\system32\libssl32.dll
2009-04-06 10:25 . 2008-08-18 14:02 -------- d-----w- c:\programdata\NOS
2009-03-17 03:38 . 2009-04-15 10:34 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 10:34 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-27 21:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 16:42 . 2009-03-08 16:42 684872 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2005-05-18 11:27 . 2008-08-01 13:55 1564 ----a-w- c:\program files\Readme.txt
2008-08-03 20:34 . 2008-08-03 20:34 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-16 07:06 . 2007-09-16 17:38 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-09-16 07:06 . 2007-09-16 17:38 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-09-16 07:06 . 2007-09-16 17:38 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-09-16 07:06 . 2007-09-16 17:38 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-09-16 07:07 . 2007-09-16 17:38 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 10:06 . 2009-05-28 14:58 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-05-29 13:55 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-05-28 14:58 216064 --sha-r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-04_09.19.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-02 11:57 . 2009-06-04 08:37 96480 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-01-02 11:57 . 2009-06-04 14:33 96480 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-09-16 16:28 . 2009-06-04 17:34 23150 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-641817250-3860369117-549646289-1000_UserData.bin
- 2008-01-31 17:24 . 2009-06-04 08:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-31 17:24 . 2009-06-04 14:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-31 17:24 . 2009-06-04 08:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-31 17:24 . 2009-06-04 14:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-31 17:24 . 2009-06-04 08:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-31 17:24 . 2009-06-04 14:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-03 15:41 . 2009-05-28 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-03 15:41 . 2009-06-04 10:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-03 15:41 . 2009-06-04 10:15 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-03 15:41 . 2009-05-28 19:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-03 15:41 . 2009-06-04 10:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-03 15:41 . 2009-05-28 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:05 . 2009-06-04 17:34 105932 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-06-04 08:37 105932 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-27 1830128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2007-11-22 787696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-07 413696]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2007-07-11 237568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\gprs.exe [2007-12-27 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 0
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0CEABE2-9804-4FD3-9DA5-56CD7BB65874}"= Disabled:UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{56D49FDB-819E-47C1-A527-98BA0606717F}"= Disabled:TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"TCP Query User{3CCE7B96-E0DE-4AF5-A832-6DEA6555977F}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{68B54872-872B-45E7-AFD2-99643E4B5202}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{E966C56B-2CE0-4B56-9659-1DD541843AEE}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{21492215-4B7A-43A9-8657-72A138524CEA}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{99A3AD36-B1EF-410C-B50C-B2DCE7E6679A}"= Disabled:UDP:6346:shareaza
"{EF2A56C3-8835-4F56-A9CA-4F186798B5B6}"= Disabled:TCP:6346:shareaza
"TCP Query User{766C9D47-BD9A-4622-B596-B425DDE6D00C}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{60AD0065-D2A9-4BA4-879D-2213F97F935D}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{F4FE2058-5F71-4FD0-B8EA-0646BF2BE33B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2C4AE294-C12D-4F59-9E3F-5CA527C987B9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{48A787A1-B89B-4044-875A-C6021447B114}"= Disabled:UDP:c:\program files\Omemo\Omemo.exe:Omemo
"{4D0CE41B-53A5-4582-BA24-2C299D1255F3}"= Disabled:TCP:c:\program files\Omemo\Omemo.exe:Omemo
"TCP Query User{AEAD9F9A-0649-48C3-BD08-0EB04AFC9161}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{E6E38BB7-775F-48F3-B3A0-7291A06D8C40}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"6850a7ed-18ea-4859-be34-3f018205ea2b"= UDP:45550:emuletcp2
"85afbcb4-58f1-4d9c-9868-fa960b8691b8"= TCP:45560:emuleudp2
"{01F006D0-AED2-4987-8F0E-C11AA11DB7C2}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{C9AC9B0F-2F9C-45D4-8D22-55424321C18D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{7AEEFB85-936E-45B6-BA2B-4F455A382926}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{C4D61FD9-AF4E-4515-9913-99B4948365AD}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\PPMate\\ppmate.exe"= c:\program files\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\PPMate\\ppamnet.exe"= c:\program files\PPMate\ppamnet.exe:*:Enabled:PPMate

R0 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [2008-07-29 20632]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [2008-07-29 56984]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2007-04-03 1131136]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2008-07-29 230912]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2007-01-03 13976]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [2007-01-09 1136600]
S3 EC168BDA;EC168BDA service;c:\windows\System32\drivers\EC168BDA.sys [2007-09-11 87296]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-06-28 1527900]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-04-09 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-04-06 33176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-09-16 29744]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 VNICPKT5;VNICPKT5 Protocol Driver;c:\windows\System32\VNICPKT5.sys [2008-07-29 15104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Tâches planifiées'

2009-06-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-16 16:34]

2009-06-04 c:\windows\Tasks\User_Feed_Synchronization-{5E292245-7621-4F92-935E-A5F0AA323B76}.job
- c:\windows\system32\msfeedssync.exe [2008-03-21 07:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 19:33
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A7AC858C-5DFC-36D6-1766-51AAB3C5BA2A}*]
"bbdknjbpjbcngmlipcndijdnipfcindmejpf"=hex:61,61,00,00
"abdknjbpjbcngmlipcielknkeopfdompbo"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(2468)
c:\program files\SmartFTP Client\SmartHook.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe
c:\windows\ehome\ehsched.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
c:\windows\ehome\ehrecvr.exe
.
**************************************************************************
.
Heure de fin: 2009-06-04 19:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-04 17:40
ComboFix2.txt 2009-06-04 12:08
ComboFix3.txt 2009-06-04 09:21
ComboFix4.txt 2009-06-03 17:30

Avant-CF: 12,253,048,832 octets libres
Après-CF: 11,477,372,928 octets libres

356 --- E O F --- 2009-06-03 01:04
0
Anonymous user
4 June 2009 at 20:03
Run OAD again and type this into it: Spy Emergency
0